<?php
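/* Login lookup written so that user input cannot alter the SQL statement:
 * every POST value reaches MySQL as a bound parameter, never as SQL text. */

declare(strict_types=1);

header('content-type:text/html; charset=utf-8');

// A missing field becomes '' instead of raising an "undefined index" notice;
// an empty username or password simply matches no row.
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');

try {
    // ERRMODE_EXCEPTION makes driver failures reach the catch block below instead
    // of silently returning false. EMULATE_PREPARES=false asks the server to
    // prepare the statement, so the bound values are never spliced into the SQL.
    // NOTE(review): the root/root credentials are kept from the original; they
    // belong in configuration outside the document root, not in source.
    $pdo = new PDO(
        'mysql:host=localhost;dbname=exercise;charset=utf8mb4',
        'root',
        'root',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );

    // Named placeholders replace the string interpolation of the original, which
    // put the raw POST values into the statement (the quote() result was computed
    // and then discarded), so a value containing a quote changed the query.
    // NOTE(review): this still compares the password column in clear text, exactly
    // as the original did; the durable fix is to store password_hash() output,
    // fetch the row by username alone and check it with password_verify().
    $stmt = $pdo->prepare(
        'select * from user where username = :username and password = :password'
    );
    $stmt->execute([
        ':username' => $username,
        ':password' => $password,
    ]);

    // exec() returns an int (affected rows) and is not meant for SELECT, so the
    // original's $stmt->rowCount() was called on an integer. Counting the fetched
    // rows works regardless of whether the driver buffers the result set.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    echo count($rows);
} catch (PDOException $e) {
    // The original caught the misspelled class "PDEOxception" (so nothing was ever
    // caught) and echoed the driver message, which exposes host, database and
    // schema details to the client. Log it server-side and return a generic reply.
    error_log('login query failed: ' . $e->getMessage());
    echo 'database error';
}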